File name:

5709079ad9546ff4746984adbb5eed3b.eml

Full analysis: https://app.any.run/tasks/c7a3edb9-038e-4ee7-b5a4-20384455a3e3
Verdict: Malicious activity
Threats:

Tycoon 2FA is a phishing-as-a-service (PhaaS) platform designed to bypass multi-factor authentication (MFA) protections, particularly targeting Microsoft 365 and Gmail accounts. Its advanced evasion techniques and modular architecture make it a significant threat to organizations relying on MFA for security.

Malware Trends Tracker     >>>
Analysis date: December 13, 2024, 20:25:09
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
sharepoint
possible-phishing
phishing
tycoon
storm1747
phishing
phishing-ml
obfuscated-js
Indicators:
MIME: text/plain
File info: ASCII text, with very long lines (670), with CRLF, LF line terminators
MD5:

88EC95D6B3D60A22BDD249B1FDCFCBB7

SHA1:

EFBC3A8E5D6AD9F46B940CA3263E58E0D4957940

SHA256:

6318A7286CCE3D246700DE037CE955DB7D82924779DB0666FBE468D17B19446A

SSDEEP:

6144:DxBSI96pPwY5pWhw60WGrb/YiyWcEctmN4AEOwhd+LrrI:tylWGXRsmGOwWLrrI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • PHISHING has been detected (SURICATA)

      • msedge.exe (PID: 2100)

  • SUSPICIOUS

    • Access to SharePoint Content

      • msedge.exe (PID: 4320)

  • INFO

    • Reads Microsoft Office registry keys

      • OpenWith.exe (PID: 2292)

    • Checks supported languages

      • identity_helper.exe (PID: 1732)

    • Reads the computer name

      • identity_helper.exe (PID: 1732)

    • Reads Environment values

      • identity_helper.exe (PID: 1732)

    • The sample compiled with english language support

      • msedge.exe (PID: 5316)

    • Executable content was dropped or overwritten

      • msedge.exe (PID: 5316)

    • Application launched itself

      • msedge.exe (PID: 4320)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.mbox | Standard Unix Mailbox (74.3)
.eml | E-Mail message (Var. 2) (25.6)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
186
Monitored processes
54
Malicious processes
3
Suspicious processes
0

Behavior graph

Click at the process to see the details
start outlook.exe ai.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs #PHISHING msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs openwith.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
848"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2404 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:2C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
968"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5692 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1016"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6736 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.59\identity_helper.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\identity_helper.exe
c:\windows\system32\ntdll.dll
1172"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6104 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1296"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7092 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1328"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6884 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1356"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6224 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1380"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:8C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
1400"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6180 --field-trial-handle=2408,i,10915331300193841231,16685564704493784427,262144 --variations-seed-version /prefetch:1C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
Total events
16 105
Read events
15 590
Write events
430
Delete events
85

Modification events

(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\ClientTelemetry\Sampling
Operation:writeName:6
Value:
01941A000000001000B24E9A3E06000000000000000600000000000000
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\Common\CrashPersistence\OUTLOOK\5432
Operation:writeName:0
Value:
0B0E1040B7DBFE21E22849A4BBD2E33B01094E230046E6D7B9F6D1B3D3ED016A04102400449A7D64B29D01008500A907556E6B6E6F776EC906022222CA0DC2190000C91003783634C511B82AD2120B6F00750074006C006F006F006B002E00650078006500C51620C517808004C91808323231322D44656300
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootCommand
Value:
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:BootFailureCount
Value:
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:delete keyName:(default)
Value:
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:CantBootResolution
Value:
BootSuccess
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:ProfileBeingOpened
Value:
Outlook
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:SessionId
Value:
C3D8E96E-C1AF-4750-8D52-F4E28119C131
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics\BootDiagnosticsDataPreviousSession
Operation:writeName:BootDiagnosticsLogFile
Value:
C:\Users\admin\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16026_20146-20240718T1116060318-1644.etl
(PID) Process:(5432) OUTLOOK.EXEKey:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\Diagnostics
Operation:delete valueName:ProfileBeingOpened
Value:
Executable files
149
Suspicious files
2 294
Text files
114
Unknown types
2

Dropped files

PID
Process
Filename
Type
5432OUTLOOK.EXEC:\Users\admin\Documents\Outlook Files\Outlook1.pst
MD5:
SHA256:
5432OUTLOOK.EXEC:\Users\admin\AppData\Local\Temp\olk5C6B.tmpbinary
MD5:46AC436177489DFDF958226D26C1228C
SHA256:9E970BD40F41E8839D88DE0FEEFB0470BD200A6B3DBC99D0F6FBCAF52FD39176
5432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\56a61aeb75d8f5be186c26607f4bb213abe7c5ec.tbresbinary
MD5:8E02F45022005F29C0ABC4AEC6E1AC5A
SHA256:190DDD852F352949AE33694F94B6428573C29FAED597195E437D378CE04294FA
5432OUTLOOK.EXEC:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotmpgc
MD5:F4C6A2F04AB577240E0E096B156D1B18
SHA256:271530317EA050663DE741F8D5A9CBB756ED7089BD0141D45D18BD83573F5977
5432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbresbinary
MD5:4604342163B774D3417878DD45251B81
SHA256:CB0F0210528C039AB1AEF18CCCBA94678B4D9ED87B9822DA05C2E1A136F907D0
5432OUTLOOK.EXEC:\Users\admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\F427229B-FE77-4626-99EF-1A3DB4E500D6xml
MD5:A06C42D2CD5D924D689D6175A3D732D9
SHA256:80B0959AF2100CFB79E603C010D09C1266318254E97620810A8C190922AD0D5F
4320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Last Versiontext
MD5:C7E2197BAE099B13BBB3ADEB1433487D
SHA256:3460EEAF45D581DD43A6E4E17AF8102DDAFF5AEAA88B10099527CF85211629E9
4320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF13debb.TMP
MD5:
SHA256:
4320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF13debb.TMP
MD5:
SHA256:
4320msedge.exeC:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
48
TCP/UDP connections
149
DNS requests
157
Threats
44

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
184.24.77.37:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2356
svchost.exe
GET
200
184.24.77.37:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
184.24.77.37:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
4712
MoUsoCoreWorker.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
2356
svchost.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5432
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted
5432
OUTLOOK.EXE
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
6096
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
192.168.100.255:137
whitelisted
184.24.77.37:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
2356
svchost.exe
184.24.77.37:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
4712
MoUsoCoreWorker.exe
184.24.77.37:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
4712
MoUsoCoreWorker.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
2356
svchost.exe
23.35.229.160:80
www.microsoft.com
AKAMAI-AS
DE
whitelisted
5064
SearchApp.exe
92.123.104.33:443
www.bing.com
Akamai International B.V.
DE
whitelisted
5064
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
crl.microsoft.com
  • 184.24.77.37
  • 184.24.77.35
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 184.30.21.171
whitelisted
google.com
  • 142.250.185.110
whitelisted
www.bing.com
  • 92.123.104.33
  • 92.123.104.47
  • 92.123.104.35
  • 92.123.104.37
  • 92.123.104.59
  • 92.123.104.36
  • 92.123.104.63
  • 92.123.104.38
  • 92.123.104.31
  • 2.16.110.121
  • 2.16.110.170
  • 2.16.110.123
  • 2.16.110.176
  • 2.16.110.171
  • 92.123.104.18
  • 92.123.104.53
  • 92.123.104.23
  • 92.123.104.34
  • 92.123.104.46
  • 92.123.104.17
  • 92.123.104.64
  • 92.123.104.10
  • 92.123.104.65
  • 92.123.104.67
  • 92.123.104.7
  • 92.123.104.4
  • 92.123.104.5
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
officeclient.microsoft.com
  • 52.109.76.240
whitelisted
ecs.office.com
  • 52.113.194.132
whitelisted
go.microsoft.com
  • 23.213.166.81
  • 69.192.162.125
whitelisted
login.live.com
  • 20.190.159.64
  • 40.126.31.71
  • 20.190.159.2
  • 20.190.159.68
  • 40.126.31.67
  • 20.190.159.23
  • 40.126.31.73
  • 20.190.159.73
whitelisted

Threats

PID
Process
Class
Message
2100
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com)
2100
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
2100
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
2100
msedge.exe
Possible Social Engineering Attempted
SUSPICIOUS [ANY.RUN] Accessing SharePoint content without a legitimate Microsoft Sign-In
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
2100
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing TLS SNI (.sharepoint .com)
2100
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
2100
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Request to SharePoint public/private file sharing DNS (.sharepoint .com)
Possible Social Engineering Attempted
PHISHING [ANY.RUN] Suspected Tycoon2FA`s Phishing-Kit domain by CrossDomain ( .rmmbwbmv .ru)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
5709079ad9546ff4746984adbb5eed3b.eml